• Docker vulnerability

    From boo_ubuntu@21:4/110 to Ubuntu Users on Fri Oct 16 00:10:07 2020
    docker.io vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Docker could be made to expose sensitive information over the
    network.

    Software Description

    * docker.io - Linux container runtime

    Details

    USN-4589-1 fixed a vulnerability in containerd. This update
    provides the corresponding update for docker.io.

    Original advisory details:

    It was discovered that containerd could be made to expose
    sensitive information when processing URLs in container image
    manifests. A remote attacker could use this to trick the user and
    obtain the user's registry credentials.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    docker.io - 19.03.8-0ubuntu1.20.04.1

    Ubuntu 18.04 LTS
    docker.io - 19.03.6-0ubuntu1~18.04.2

    Ubuntu 16.04 LTS
    docker.io - 18.09.7-0ubuntu1~16.04.6

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart docker to make
    all the necessary changes.

    References

    * USN-4589-1
    * CVE-2020-15157

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)